CVE-2021-25069

CVE-2021-25069: WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS

Vendor: Unknown
Product: Download Manager
Weakness: CWE-89 (SQL injection)
Published: February 21, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue.

Key dates

02 Disclosure timeline

February 21, 2022: CVE published
August 3, 2024: Record updated